Intelligent CISO Issue 53 - Page 66

decrypting myths
2. The second thing we're seeing is more aggression. You can imagine when you combine these together, you're getting an even more potent mix, right? This is the problem. Yes, there is more speed, but there is more aggression too. This includes the double extortion, triple extortion themes and targeted attacks that we're seeing as well.
3. Third, it's about the tactics, the playbooks. There are more tactical approaches and dual-stage attacks that we're seeing after doing reconnaissance for information, including information that's coming from social media works, for example. In addition to everything that we talked about before, we're still seeing more volume. All of that translates to more risk.
What new attack tactics are you seeing used in the cyberthreat landscape?
Walker: If we look at the techniques, tactics, procedures (TTPs) and the playbook aspect, we actually have some big picture perspective on this. We're looking at real data at a very granular level. There are a lot of developments, but defence evasion is one of the top techniques that is being focused on by attackers. There are 42 different techniques associated with that.
In 2022, wiper malware has been much more active than in recent years, which ties into the theme of aggression. This is destructive malware that's wiping out hard drives and master boot records of systems. We're starting to see this tying into the world of extortion too. We're not just talking about data at risk, but systems infrastructure at risk now.
Another popular attack pattern is targeting firmware. Firmware attacks can come through various vectors, from malware and rootkits to infected hard drives, corrupted drives and insecure firmware products. Hackers do not have to physically touch a device to carry out an attack. They can do so through remote connections like Bluetooth and Wi-Fi. This means that the growing market of connected devices, such as game consoles, mobile phones and televisions, is increasingly becoming vulnerable to firmware hacking.
What can organisations do to protect against these attacks? How do AI and Machine Learning factor into the defence equation?
Manky: It's important to distinguish the differences and they are all necessary. First, you have at the basic level – automation. Consider a threat feed with threat intelligence and with policies being applied. Without that, organisations would be lost, quite frankly. For example, we're responding to 100 billion threats a day with FortiGuard Labs, and a majority of that is automated. Automation is largely to help with the volume of detections and policies needed at speed, reducing reaction time and offloading mundane tasks from SOC analysts.
Where Machine Learning and AI come into play is for the threats that are unknown. The question here is: how do you get ahead of the curve? AI is the action piece, whereas Machine Learning is the learning piece. Machine Learning works on models and each application can use a different model. Machine Learning for web threats is entirely different than Machine Learning for zero-day malware. Organisations need to be able to do them all to effectively secure against various attack vectors. By
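The split Manky describes between automation (a threat feed plus policy handles known indicators at volume) and Machine Learning (reserved for what the feed cannot classify) can be illustrated with a small triage routine. The following is an added example written for this page; it is not code from the interview, from Fortinet or from FortiGuard Labs. The threat-feed entries, the `key=value` firewall log format, the confidence thresholds and the sample log lines are all constructed for illustration, and the addresses come from the RFC 5737 documentation ranges.

```python
"""Feed-driven automation: match firewall logs against a threat-intelligence
feed, apply a policy to each hit, and hand the remainder to a separate
(ML or analyst) queue. Added example with constructed data throughout."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed threat feed: indicator -> (category, confidence 0-100).
THREAT_FEED: Dict[str, Tuple[str, int]] = {
    "203.0.113.7": ("c2", 95),          # RFC 5737 TEST-NET-3, constructed
    "198.51.100.23": ("scanner", 60),   # RFC 5737 TEST-NET-2, constructed
    "192.0.2.44": ("suspicious", 30),   # RFC 5737 TEST-NET-1, constructed
    "bad.example": ("phishing", 90),    # reserved .example domain, constructed
}

# Constructed policy thresholds: the "policies being applied" to feed hits.
BLOCK_THRESHOLD = 85   # confident enough to block without a human
ALERT_THRESHOLD = 50   # raise an alert, keep the connection for now


@dataclass
class Verdict:
    line: str
    indicator: str
    category: str
    action: str  # "block", "alert" or "review"


def parse_log_line(line: str) -> Dict[str, str]:
    """Parse a constructed 'key=value key=value ...' firewall log line."""
    fields: Dict[str, str] = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def indicators_in(fields: Dict[str, str]) -> List[str]:
    """Values the feed can be matched on: destination IP and HTTP host."""
    return [fields[k] for k in ("dst", "host") if k in fields]


def apply_policy(confidence: int) -> str:
    """Map feed confidence to the automated action the policy prescribes."""
    if confidence >= BLOCK_THRESHOLD:
        return "block"
    if confidence >= ALERT_THRESHOLD:
        return "alert"
    return "review"


def best_hit(fields: Dict[str, str]) -> Optional[Tuple[str, str, int]]:
    """Highest-confidence feed match for a log line, or None."""
    hits = [(ind, *THREAT_FEED[ind]) for ind in indicators_in(fields)
            if ind in THREAT_FEED]
    return max(hits, key=lambda h: h[2]) if hits else None


def triage(lines: List[str]) -> Tuple[List[Verdict], List[str]]:
    """Return (verdicts the automation can issue, lines with no feed match).

    The second list is what the feed cannot explain: the "unknown" traffic
    that the interview says needs Machine Learning rather than a lookup.
    """
    verdicts: List[Verdict] = []
    unknown: List[str] = []
    for line in lines:
        hit = best_hit(parse_log_line(line))
        if hit is None:
            unknown.append(line)
            continue
        indicator, category, confidence = hit
        verdicts.append(Verdict(line, indicator, category,
                                apply_policy(confidence)))
    return verdicts, unknown


# Constructed sample logs (not captured from any real device).
SAMPLE_LOGS = [
    "ts=2022-11-03T10:00:01Z src=10.0.0.5 dst=203.0.113.7 dport=443 action=allow",
    "ts=2022-11-03T10:00:02Z src=10.0.0.9 dst=198.51.100.23 dport=22 action=allow",
    "ts=2022-11-03T10:00:03Z src=10.0.0.12 dst=192.0.2.44 dport=80 host=bad.example action=allow",
    "ts=2022-11-03T10:00:04Z src=10.0.0.20 dst=192.0.2.44 dport=80 action=allow",
    "ts=2022-11-03T10:00:05Z src=10.0.0.21 dst=192.0.2.99 dport=8080 action=allow",
]

if __name__ == "__main__":
    decided, leftover = triage(SAMPLE_LOGS)
    for v in decided:
        print(f"{v.action:6} {v.category:10} {v.indicator}")
    print(f"{len(leftover)} line(s) with no feed match -> ML / analyst queue")
```

Two design points matter here. A line can carry more than one indicator (the third sample log has both a low-confidence destination IP and a high-confidence phishing host), so the routine takes the highest-confidence match rather than the first one it sees. And the lines with no match are returned separately rather than silently allowed: the feed-plus-policy layer is only as good as the feed, which is exactly why the interview places unknown threats with Machine Learning rather than with automation.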